Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2080870imu; Wed, 12 Dec 2018 09:10:56 -0800 (PST) X-Google-Smtp-Source: AFSGD/X7ptGbG9mCO74n2mRW15sVHMh7qaqGVhaY8WRvf15PFJjU12ikR1d6uOdCjnq8mY3djlRU X-Received: by 2002:a17:902:c05:: with SMTP id 5mr20782938pls.155.1544634656436; Wed, 12 Dec 2018 09:10:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544634656; cv=none; d=google.com; s=arc-20160816; b=v7llqqu9SUWWqfo4A2tkk3LrafS8YWf6/tfTXNM7jk9+W5fP1bchhfiX6LvfkCdD2p +C9hM+WHmKGwgEkb6VYxCfcLYQQdZOrnR2JLu09TsRGvjk/n3vie6GlZ6cYKJRlMd05X SkzQY07QvqzGkhmSC9M3TRlaANBQTQXVl9vsPKm2AgX2qXwb3dE7JF03pDhjgudcG7d6 ioHE27UkMd0LfFud3UdpjMGWp61GTfdiV22257KHN8xbpzi2ekWhca0YqHFgrnk1YyxC kR+fN/+ahcA5PB+gyjIeSfhHkx4iyEfW/yDzs05jbl7vyvTFqzNyih8ZGcnPCYPRH8eZ xsEA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:mime-version:user-agent:date:message-id:subject :from:references:to:dkim-signature; bh=dh9qOi2gOchLt7Tz6Maz2KC2vgfIol/GoPb1igeBc1A=; b=StFL0X1w1PuB/G8S5SI/JHVv+UT65k7PB8Gh3AhzPrqwj60iCH5bPum5s0b22BSbeN uxuArfY828KYRR5T+RTUDE5JZG2iT0P/0lfDnj4l4GV8yaA3Yw3JagGcAhOj5vhaiZL4 WxBUSNsQ46xtjuBynu9O9m3RJile5vvH4oLqZySYwPkE36KERj7GF0t+4FrZzSQdEdh2 yVpi9d4/r8OtW6BUDSXiJ0VPBNBm4t1GkflmSi4LneDmL2AmDlGGmM2XRT/t6e6XItKk nUzazpJYOECtSvHIrDBaBpQDi8/OHl2Fa7Wa2xu8mpWCh52yZnTt+ABGFHoTn1cuSYRm Zh+g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=sjDoTDJX; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id f4si14593742pgg.492.2018.12.12.09.10.30; Wed, 12 Dec 2018 09:10:56 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=sjDoTDJX; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727985AbeLLRHp (ORCPT + 99 others); Wed, 12 Dec 2018 12:07:45 -0500 Received: from mail-lj1-f195.google.com ([209.85.208.195]:40889 "EHLO mail-lj1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726922AbeLLRHo (ORCPT ); Wed, 12 Dec 2018 12:07:44 -0500 Received: by mail-lj1-f195.google.com with SMTP id n18-v6so16940414lji.7; Wed, 12 Dec 2018 09:07:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=to:references:from:subject:message-id:date:user-agent:mime-version :content-language:content-transfer-encoding; bh=dh9qOi2gOchLt7Tz6Maz2KC2vgfIol/GoPb1igeBc1A=; b=sjDoTDJXxxR1ybcmz1ccs9HVVPfu+yihkJfkvKRCxlpEnaMgfPM7DGZzKomAfqdTRt EwqKVzDaf9bKol2ed7dLjN2FUBd8zwQvtp1ENgjw7OS1a/fuOAtKfchGPUkqaaJUQBkf a2id6onOVtmXF2QiwSoAWp5wDHGknEmUpgvwIEIZ7bukmaN69TgP1Kiv2x+C1F3tee53 8In8n0i4hd49wCBwwB618kO1kacTWPLipo7/BoeS5WC20QbDd1z6qSOAcO6R4uDu6Vzh rn7s3MjAauS94Xrb+mD8EUUyweR/h7846XdmJcjx0thDHDPru9Dpr0Ks8B2LpVja+yDi +B7g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:references:from:subject:message-id:date :user-agent:mime-version:content-language:content-transfer-encoding; bh=dh9qOi2gOchLt7Tz6Maz2KC2vgfIol/GoPb1igeBc1A=; b=DEHDzi2AI31GXEdjC07r3ezquG6mc2WA7eCfsupFcK+Nv0UUEwUv2Pmh3POWFAbxps 2WXscDRf2w/2B9ylA+HZPeMOB02eKHk2hMysudM5YJpmn49542O5tcMoUIRJzJpIGrau L1504rSwJ6fpqG8tQRK5eMoaloxMkmo5wjupPTt8wRMBC3XTcoTW/fNszICkKikRIjVo NqdPm0p8CWcQkycJHLE/zczds3LW0+Mw76t6D5t8NYTBikN9zku6RnSAgmMp/1EHsa0l CVLK55hQMypkjEixLhYFIKdEJMenPWU5oRMQsKkhrU4STw9ISqTaAJqEhNcQYyBjhV9A ZRhw== X-Gm-Message-State: AA+aEWaxrGpov0Nf4L8XPds9PlxZ+scykouuBNajuiNc1VBwkTm6Hs0t mca7AyFwpgOPEuQxj4KACZo= X-Received: by 2002:a2e:1bc5:: with SMTP id c66-v6mr12543405ljf.96.1544634462234; Wed, 12 Dec 2018 09:07:42 -0800 (PST) Received: from [192.168.55.63] (nat.ds19.agh.edu.pl. [149.156.124.19]) by smtp.gmail.com with ESMTPSA id b69sm3378967lfl.28.2018.12.12.09.07.40 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 12 Dec 2018 09:07:41 -0800 (PST) To: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, kvm@vger.kernel.org, vgoyal@redhat.com, miklos@szeredi.hu, stefanha@redhat.com, dgilbert@redhat.com, sweil@redhat.com, swhiteho@redhat.com References: From: Piotr Jurkiewicz Subject: Re: [PATCH 00/52] [RFC] virtio-fs: shared file system for virtual machines Message-ID: Date: Wed, 12 Dec 2018 18:07:40 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.3 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Currently, virtio-9p cannot be used with overlayfs in order to obtain Docker-like experience (but with separate kernel) because of file attributes problems. I wrote an email about that to qemu-devel almost year ago, but it received no attention (I attach its contents below.). Will virtio-fs avoid these problems? I assume it will be transparent from the point of view of file attributes, and not enforce any kind of security filtering? Piotr Jurkiewicz ---- 1. Upper filesystem must support the creation of trusted.* extended attributes. 9pfs has support for getting/setting xattrs, but calls operating on attributes other than user.* and system.posix_acl_* are dropped. 2. Upper filesystem must provide valid d_type in readdir responses. This works, but only in case of 'passtrough' and 'none' security models. In the case of 'mapped-xattr' and 'mapped-file' models, d_type is being zeroed to DT_UNKNOWN during readdir() call. All these limitations can be resolved pretty easily, but requires some design decisions. I can prepare appropriate patches. Ad. 1. Why are operations on attributes other than than user.* and system.posix_acl_* forbidden? Is this due to security reasons? If so, can we map all of them to user.virtfs namespace, similarly as system.posix_acl_* are being mapped to user.virtfs.system.posix_acl_* in 'mapping' mode already? This way any trusted/security/system attributes will be effective only when mounted via virtfs inside VM. Ad. 2. local_readdir() can fill entry->d_type with the right DT_* value by obtaining file type from mapping and translating it with IFTODT() macro. This would, however, require reading 'user.virtfs.mode' for each direntry during readdir() call, what can affect performance. If so, this behavior would probably need to be controlled with some runtime option. 'mapped-xattr' and 'mapped-file' models are essential for running qemu with overlayfs as non-root, because overlayfs creates device nodes, what is possible for unprivileged user only with these models.